When remotely accessing sensitive sources from an untrusted terminal, such as a kiosk, a PC at a client site, or a computer in a hotel room, a user generally has two choices. First, the user can give the untrusted device full access to the domain containing the sensitive resources. For example, a user name and password, typed in from a kiosk PC, gives that untrusted PC full access to the user's home network, either at the user's house or workplace.
Second, the user creates some sort of restricted role by specifying ahead of time to which of the sensitive resources the restricted role will have access. For example, a user has a ‘traveling’ or guest username and password that allows a user to see only those things that were previously determined would be accessible by that username and password. A shortcoming of this approach is that the user may need more dynamic access to the sensitive resources or may incorrectly guess at which resource he or she will need when operating remotely.
This situation puts the user in between unsecure operations, allowing an unknown, untrusted terminal access to sensitive resources, and inconvenience, having to correctly guess to what access will be needed or going without that access.